Wistia

Wistia Channels are easy to drop into a page. Getting them past a strict Content Security Policy is the part that usually wastes an afternoon. If you embed a Wistia Channel and your CSP is even moderately locked down, you’ll usually hit one of these: the channel frame doesn’t render JavaScript inside the embed gets blocked thumbnails or poster images disappear analytics or websocket connections fail custom styling breaks This guide is the practical version: what to allow, why, and copy-paste policies you can start with. ...

Wistia embeds are one of those cases where a clean Content Security Policy gets messy fast. You start with a tight policy, add one video, and suddenly you’re dealing with frame-src, script-src, img-src, connect-src, media delivery, analytics, and a player that wants to talk to a handful of subdomains. If your site already runs a strict CSP, Wistia can feel like the one integration that pressures you into punching holes everywhere. ...